Web Hacker Boot Camp
by Gerald Quakenbush
ISBN: 097684071X, 236 pages, $39.95
Some of the most serious security flaws on the Internet today are application-layer flaws in custom web applications. Such vulnerabilities undermine all other system hardening efforts. While techniques to exploit application-layer flaws are common among hackers, most security professionals have little experience with them.
This book is a self-paced training guide that will help security professionals and web developers understand how many application-layer attacks work. Through hands-on, step-by-step exercises, readers get to see firsthand how hackers pull off a variety of attacks, such as SQL Injection, Session Hijacking, OS Command Injection, Cross-Site Scripting and Parameter Tampering.
Additionally, the book features:
- Explanation of how HTTP-based applications really work
- The Web Hacker's Toolbox showing you the tools you need and how to use them, including extensive coverage of Paros, the open source proxy tool
- A systematic, repeatable process for examining web applications for security flaws even if you don't have the source code
Available on the author's web site:
- MasterBugs - a functional, real-world web application, used throughout the book
- StealthVNC - a modification of the open-source VNC software used by the author to demonstrate how to assume full, graphical remote control of a target after exploiting various application-layer flaws
- ZombieVM - a Linux virtual machine (for VMware) with software containing flaws examined in the book
Isn't it about time you caught up with the hackers?
Gerald Quakenbush has more than 17 years' experience in information technology and information security. He holds several certifications, including the CISSP and the NSA's IAM certification. He has worked for several years as a consultant performing application security assessments and audits. He is also a Certified Technical Trainer and conducts a two-day training program called Application Security Boot Camp, on which this book is based.
Table of Contents
- Introduction
- Part I: Application Security Foundations
  - Chapter 1: Networks
  - Chapter 2: Web Applications
  - Chapter 3: Assessment Methodology
  - Chapter 4: Web Hacker's Toolbox
- Part II: Poison Data
  - Chapter 5: Lab Setup
  - Chapter 6: SQL Injection
  - Chapter 7: Session Hijacking
  - Chapter 8: Parameter Tampering
  - Chapter 9: Cross-Site Scripting
  - Chapter 10: OS Command Injection
  - Chapter 11: Attack Variations
  - Chapter 12: Cryptography
  - Chapter 13: Mitigation Strategies